Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

benrothke writes "Phil Lapsley calls his book 'the untold story of the teenagers and outlaws who hacked Ma Bell.' The story is an old one, going back to the early 1960's. Lapsley was able to track down many of the original phone phreaks and get their story. Many of them, even though the years have passed, asked Lapsley not to use their real names." Read below for the rest of Ben's review.

Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell

author

Phil Lapsley. Foreword by Steve Wozniak

pages

416

publisher

Grove Press

rating

9/10

reviewer

Ben Rothke

ISBN

978-0802120618

summary

Fascinating story of the early phone phreaks

While parts of the story have been told before, Lapsley's far-reaching research brings many of the central characters into a single read, resulting in an extremely interesting and engrossing read.

When Alexander Graham Bell created his harmonic telegraph, which would later turn into the telephone, it was like the Internet, built for functionality, with no inherent security controls. Those security vulnerabilities were begging to be found, and when they were discovered by the phone phreaks, it was a wake-up call to AT&T.

Defining a phone phreak is like defining a hacker; it means different things to different people. Lapsley defines it as "someone who loves exploring the telephone system and experimenting with it to understand how it works.

What the phone phreaks did was to spend endless hours dialing different numbers to understand how the inner-workings of the telephone system operated. Meaningless sounds to most people were music to the phreaks as they could determine how calls were routed via these tones.

Many of the phreaks practiced what is today known as social engineering and would impersonate phone company employees and technicians.

The devices that enabled them to make phone calls were called black boxes, blue boxes, and red boxes. The book notes that Steve Wozniak (who wrote the forward to the book) and Steve Jobs sold blue boxes before they started Apple. In fact, Jobs is quoted as saying that if they hadn't built blue boxes, there wouldn't have been an Apple.

The book has many layers to it. One part is an interesting history of the telephone and long-distance communications. It then segues into phone phreaks, who much like early computer hackers, used the phone network as a portal for exploration and hacking. The vast majority of the phone phreaks did it for the thrill, rather than just to make free phone calls.

One of the things the phone phreaks did was to read as much corporate documentation and manuals (obtained both legally and serendipitously) as they could. Lapsley notes that many of the technical documents that the phone company shared were in truth highly confidential.

As AT&T was a monopoly with zero competition, the notion that someone would use their own technical documentation against them was unheard of. Lapsley writes that for reasons of corporate pride, national service and public relations, AT&T felt an obligation to share its latest and greatest technical feats with the public. For that reason, the Bell System Technical Journal was required reading for every phone phreak.

The web site for the book has available many of the technical documents detailed in the book that played a role in the development of phone phreaking.

The book details many similarities between the phone phreaks and the early Internet hackers. While law enforcement stated that Kevin Mitnick could launch missiles via whistling into the phone, law enforcement called the phone phreaks a public menace, mentally unstable, a national threat and much more.

Like early hackers, the phone phreaks showed how engineering insiders are often the last to know what is actually possible with the systems they design. Lapsley noted that part of the problem was pride, in that Bell Labs had created the public telephone switching network, and they didn't want to admit how vulnerable it was. Its engineers were spring-loaded to disbelieve reports to the contrary.

Another advantage the phone phreaks, like hackers, had is that the Bells Labs engineers only looked at the systems as how it was supposed to work. That blinded them to how the system actually did work and how it could be made to do things it was never designed to do,

The results were that they couldn't see the holes in their own network; holes that a blind teenager found. Even when that blind teenage told them of the problem, (the book tells the story of Joe Engressia), they didn't understand it when first described to them.

The book describes another major technical security oversight made by AT&T in 1970 with the introduction of the telephone credit card. Lapsley writes that fraud was epidemic as AT&T's credit card numbering system was a bad joke from a security perspective. The card numbers were easy to guess and highly predictable resulting in millions of dollars of related fraudulent calls.

One of the main recurring characters in the book is John Draper, better known as Captain Crunch. Draper made a lot of money as a legitimate software engineer, but lost it due to his business naiveté and personal demons. Draper had numerous arrests related to phone phreaking and served time in prison.

The book notes that Draper's arrest in 1976 is a textbook case of how not to deal with the FBI when arrested. One of the incredulous things Draper did when he was read his rights was to waive them. While the FBI didn't have a search warrant, he voluntarily allowed them to search his apartment and Volkswagen Van, where incriminating evidence was indeed discovered.

While Draper was later convicted, the book quotes a fascinating observation by a phone company employee in that 90% of the phone phreak and hacker cases, law enforcement in fact had no criminal case. Most of the evidence they had was things they couldn't be prosecuted for. Either there was no legitimate crime on the books or all they had was the phone phreaks confession, but no tangible evidence.

It wasn't just the phone phreaks who were raising havoc on the phone company networks. The book writes of others who used black boxes and blue boxes for free calls. From Mafia bookies, to the Hare Krishna movement making fraudulent long-distance phone calls.

The book closes in 1982 when the US Dept. of Justice and AT&T came to an agreement to break up Ma Bell in the Baby Bells.

Lapsley has a degree in electrical engineering from UC. Berkeley so he as a deep first-hand understanding of the technology he is writing about. He also has the unique ability to write about bland technical topics and make them both engaging and comprehensible. He understands directly the curiosity the phone phreaks had and the passion to understand the inner workings of the phone system.

For a book that ends over 30 years ago, Phil Lapsley does a superb job of writing the story of the glory days of phone phreaking. In 2013, the notion of a domestic long-distance call is for the most not in anyone's lexicon. But making free long-distance calls was the mantra of the phone phreaks.

Exploding the Phoneis the first comprehensive history of the era of phone phreaking and Lapsley has done a masterful job a making the story fascinating and readable.

Were hackers really racking up millions of dollars of fraudulent calls, or was AT&T using the same inflated math that the BSA use to calculate loss of revenue from piracy -- by using full retail prices, even though there may have been no loss of revenue or cost to the carrier. AT&T may have been charging 75 cents/minute for a peak time cross country call in 1975, but that doesn't mean that the incremental cost to handle a call cost them anything at all.

The credit card number was not a secret at my high school. It was a phone number + 3 digit code + one letter. Most 3 digit numbers were valid. And the letter was keyed to the middle digit of that code.

So I remember a valid credit card number was [any valid phone number in the country] + x8x + R. You had to call through an operator, she asked for the number you were calling and the CC number then put the call through. I know kids in my class that were calling Disneyland and asking for prices, making reserva

In the case of AT&T there were real physical limits to the number of calls that could be made from A -> B, and if the last slot was used by a hacker, there was one less slot for a paying customer. Most of the time there was overcapacity, mostly because AT&T did overcharge business customers, so they could afford to overbuild.

In the case of AT&T there were real physical limits to the number of calls that could be made from A -> B, and if the last slot was used by a hacker, there was one less slot for a paying customer. Most of the time there was overcapacity, mostly because AT&T did overcharge business customers, so they could afford to overbuild.

Yeah, that's kind of my point - unless AT&T was building more capacity to support the hacked phone calls, then there was really no real cost to them (except maybe termination charges for international calls). If it was really costing them money, then they would have found a way to stop the hacking sooner. Just like how if a million copies of Microsoft office are pirated in China, that doesn't mean Microsoft lost $500 * 1 million = $500 million dollars since it's unlikely that many of the people that use

if the last slot was used by a hacker, there was one less slot for a paying customer.... unless AT&T was building more capacity to support the hacked phone calls, then there was really no real cost to them (except maybe termination charges for international calls)

But the network traffic, like power consumption, varied a lot with time-of-day, and the network had to be sized to handle the peaks. The phone phreaks usually did their deeds at off-peak hours.

Under that legal regime, if you don't lose a dollar, you can't charge your customers $1.06 to cover it with a little profit.

If Bell Labs spends (for example) a hundred million and makes nothing, AT&T would have charged the ratepayers a hundred six million and made six million dollars. But when Bell Labs spent (again for example) a hundred million and made a hundred and one million licensing their inventions, AT&T doesn't get to charge its customers an extra hundred six million

Were hackers really racking up millions of dollars of fraudulent calls, or was AT&T using the same inflated math that the BSA use to calculate loss of revenue from piracy -- by using full retail prices, even though there may have been no loss of revenue or cost to the carrier.

To some extent it was the inflated math case. The retail rates on long distance service were set very high, to generate money that subsidized rural phone service (which ran at a loss, due to line length, but had to be provided as

pretty much. hell i wasnt so mucha phreak,but i remember in HS i had a tape recorder and got recordings of the tones made when you dropped a quarter in the pay phones to give myself free phone calls. this was in the 90s even.

Sounds fishy....the DoB is determined by the day, not time.
A person born on Jan 1. at 12:03AM or a little less than 24 hours later at 11:58PM have the same DoB.
If there was a plea bargain, it means there is public record of it.
You have a source?

Possession based crimes, it was more than 20 years ago. The plea had it done as a minor, so the records are sealed so it dosn't affect his job options, and I'm not going to screw with that by naming him.

One thing this book did for me was explain the Canadian connection. I knew about phone phreaks and such, and I heard lots of stuff about how our beloved BC phone company (BC Tel then, Telus now) was at the center of it all. No one explained why or how.

Very fascinating, really, about how the local phone company ended up being the nexus of phreaking activity.

I remember a time when in-state long distance was 50 cents a minute while out-of-state was 20-30 cents a minute. Some federal law or something. Which sucked, because everything I wanted to do was in-state. Enter phone phreaking! Make all your calls for free, from any phone in the country. There was a period of about eight years where I never paid for a phone call, ever. It was convenient as I ended up doing a lot of traveling and at the end I was making hour-long international phone calls originating